CAS Configuration Storage

Various properties can be specified in CAS either inside configuration files or as command line switches. This section provides a list of common CAS properties and references to the underlying modules that consume them.

This section outlines strategies that can be used to store CAS configuration and settings.

Standalone

This is the default configuration mode which indicates that CAS does NOT require connections to an external configuration server and will run in an embedded standalone mode.

The following settings and properties are available from the CAS configuration catalog:

The configuration settings listed below are tagged as Required in the CAS configuration metadata. This flag indicates that the presence of the setting may be needed to activate or affect the behavior of the CAS feature and generally should be reviewed, possibly owned and adjusted. If the setting is assigned a default value, you do not need to strictly put the setting in your copy of the configuration, but should review it nonetheless to make sure it matches your deployment expectations.

The configuration settings listed below are tagged as Optional in the CAS configuration metadata. This flag indicates that the presence of the setting is not immediately necessary in the end-user CAS configuration, because a default value is assigned or the activation of the feature is not conditionally controlled by the setting value.

  • cas.standalone.configuration-directory=
  • Describes a directory path where CAS configuration may be found.

    org.apereo.cas.configuration.model.core.config.standalone.StandaloneConfigurationProperties.

  • cas.standalone.configuration-file=
  • Describes a file path that contains the CAS properties in a single file.

    org.apereo.cas.configuration.model.core.config.standalone.StandaloneConfigurationProperties.

    Configuration Metadata

    The collection of configuration properties listed in this section is automatically generated from the CAS source and components that contain the actual field definitions, types, descriptions, modules, etc. This metadata may not always be 100% accurate, or could be lacking details and sufficient explanations.

    Be Selective

    This section is meant as a guide only. Do NOT copy/paste the entire collection of settings into your CAS configuration; rather pick only the properties that you need. Do NOT enable settings unless you are certain of their purpose and do NOT copy settings into your configuration only to keep them as reference. All these ideas lead to upgrade headaches, maintenance nightmares and premature aging.

    YAGNI

    Note that for nearly ALL use cases, declaring and configuring properties listed here is sufficient. You should NOT have to explicitly massage a CAS XML/Java/etc configuration file to design an authentication handler, create attribute release policies, etc. CAS at runtime will auto-configure all required changes for you. If you are unsure about the meaning of a given CAS setting, do NOT turn it on without hesitation. Review the codebase or better yet, ask questions to clarify the intended behavior.

    Naming Convention

    Property names can be specified in very relaxed terms. For instance cas.someProperty, cas.some-property, cas.some_property are all valid names. While all forms are accepted by CAS, there are certain components (in CAS and other frameworks used) whose activation at runtime is conditional on a property value, where this property is required to have been specified in CAS configuration using kebab case. This is both true for properties that are owned by CAS as well as those that might be presented to the system via an external library or framework such as Spring Boot, etc. When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value. Settings and properties that are controlled by the CAS platform directly always begin with the prefix cas. All other settings are controlled and provided to CAS via other underlying frameworks and may have their own schemas and syntax. BE CAREFUL with the distinction. Unrecognized properties are rejected by CAS and/or frameworks upon which CAS depends. This means if you somehow misspell a property definition or fail to adhere to the dot-notation syntax and such, your setting is entirely refused by CAS and likely the feature it controls will never be activated in the way you intend.

    Validation

    Configuration properties are automatically validated on CAS startup to report issues with configuration binding, especially if defined CAS settings cannot be recognized or validated by the configuration schema. The validation process is on by default and can be skipped on startup using a special system property SKIP_CONFIG_VALIDATION that should be set to true. Additional validation processes are also handled via Configuration Metadata and property migrations applied automatically on startup by Spring Boot and family.

    Indexed Settings

    CAS settings able to accept multiple values are typically documented with an index, such as cas.some.setting[0]=value. The index [0] is meant to be incremented by the adopter to allow for distinct multiple configuration blocks.

    By Directory

    CAS by default will attempt to locate settings and properties inside a given directory and otherwise falls back to using:

    1. /etc/cas/config
    2. /opt/cas/config
    3. /var/cas/config

    CAS can also load settings from a Groovy file. The file is expected to be found in the matching directory above and should be named ${cas-application-name}.groovy, such as cas.groovy. The script is able to combine conditional settings for active profiles and common settings that are applicable to all environments and profiles into one location, with a structure similar to the example below:

    // Settings may be filtered by individual profiles
    profiles {
        standalone {
            cas.some.setting="value"
        }
    }

    // This applies to all profiles and environments
    cas.common.setting="value"

    By File

    You can also use a dedicated configuration file to directly feed a collection of properties to CAS in the form of a file or classpath resource. This is especially useful in cases where a bare CAS server is deployed in the cloud without the extra ceremony of a configuration server or an external directory for that matter and the deployer wishes to avoid overriding embedded configuration files.

    Spring Cloud

    The following settings are to be loaded by the CAS configuration runtime, which bootstraps the entire CAS running context. They are to be put inside the src/main/resources/bootstrap.properties of the configuration server itself. See this guide for more info.

    The configuration server backed by Spring Cloud supports the following profiles.

    Native

    Load settings from external properties/yaml configuration files.

    The following settings and properties are available from the CAS configuration catalog:

    The configuration settings listed below are tagged as Third Party in the CAS configuration metadata. This flag indicates that the configuration setting is not controlled, owned or managed by the CAS ecosystem, and affects functionality that is offered by a third-party library, such as Spring Boot or Spring Cloud to CAS. For additional info, you might have to visit the third-party source to find more details.

  • spring.cloud.config.server.native.add-label-locations=true
  • Flag to determine whether label locations should be added.

    org.springframework.cloud.config.server.environment.NativeEnvironmentProperties.

  • spring.cloud.config.server.native.default-label=master
  • org.springframework.cloud.config.server.environment.NativeEnvironmentProperties.

  • spring.cloud.config.server.native.fail-on-error=false
  • Flag to determine how to handle exceptions during decryption (default false).

    org.springframework.cloud.config.server.environment.NativeEnvironmentProperties.

  • spring.cloud.config.server.native.order=
  • org.springframework.cloud.config.server.environment.NativeEnvironmentProperties.

  • spring.cloud.config.server.native.search-locations=
  • Locations to search for configuration files. Defaults to the same as a Spring Boot app so [classpath:/,classpath:/config/,file:./,file:./config/].

    org.springframework.cloud.config.server.environment.NativeEnvironmentProperties.

  • spring.cloud.config.server.native.version=
  • Version string to be reported for native repository.

    org.springframework.cloud.config.server.environment.NativeEnvironmentProperties.

  • spring.profiles.active=
  • Comma-separated list of active profiles. Can be overridden by a command line switch.

    org.springframework.boot.context.config.ConfigFileApplicationListener.

    Git Repository

    Allow the CAS Spring Cloud configuration server to load settings from an internal/external Git repository. This then allows CAS to become a client of the configuration server, consuming settings over HTTP where needed.

    The following settings and properties are available from the CAS configuration catalog:

    The configuration settings listed below are tagged as Third Party in the CAS configuration metadata. This flag indicates that the configuration setting is not controlled, owned or managed by the CAS ecosystem, and affects functionality that is offered by a third-party library, such as Spring Boot or Spring Cloud to CAS. For additional info, you might have to visit the third-party source to find more details.

  • spring.cloud.config.server.git.basedir=
  • Base directory for local working copy of repository.

    org.springframework.cloud.config.server.environment.MultipleJGitEnvironmentProperties.

  • spring.cloud.config.server.git.clone-on-start=false
  • Flag to indicate that the repository should be cloned on startup (not on demand). Generally leads to slower startup but faster first query.

    org.springframework.cloud.config.server.environment.MultipleJGitEnvironmentProperties.

  • spring.cloud.config.server.git.clone-submodules=false
  • Flag to indicate that the submodules in the repository should be cloned.

    org.springframework.cloud.config.server.environment.MultipleJGitEnvironmentProperties.

  • spring.cloud.config.server.git.default-label=
  • The default label to be used with the remote repository.

    org.springframework.cloud.config.server.environment.MultipleJGitEnvironmentProperties.

  • spring.cloud.config.server.git.delete-untracked-branches=false
  • Flag to indicate that the branch should be deleted locally if its origin tracked branch was removed.

    org.springframework.cloud.config.server.environment.MultipleJGitEnvironmentProperties.

  • spring.cloud.config.server.git.force-pull=false
  • Flag to indicate that the repository should force pull. If true discard any local changes and take from remote repository.

    org.springframework.cloud.config.server.environment.MultipleJGitEnvironmentProperties.

  • spring.cloud.config.server.git.host-key=
  • Valid SSH host key. Must be set if hostKeyAlgorithm is also set.

    org.springframework.cloud.config.server.environment.MultipleJGitEnvironmentProperties.

  • spring.cloud.config.server.git.host-key-algorithm=
  • One of ssh-dss, ssh-rsa, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, or ecdsa-sha2-nistp521. Must be set if hostKey is also set.

    org.springframework.cloud.config.server.environment.MultipleJGitEnvironmentProperties.

  • spring.cloud.config.server.git.ignore-local-ssh-settings=false
  • If true, use property-based instead of file-based SSH config.

    org.springframework.cloud.config.server.environment.MultipleJGitEnvironmentProperties.

  • spring.cloud.config.server.git.known-hosts-file=
  • Location of custom .known_hosts file.

    org.springframework.cloud.config.server.environment.MultipleJGitEnvironmentProperties.

  • spring.cloud.config.server.git.order=
  • The order of the environment repository.

    org.springframework.cloud.config.server.environment.MultipleJGitEnvironmentProperties.

  • spring.cloud.config.server.git.passphrase=
  • Passphrase for unlocking your ssh private key.

    org.springframework.cloud.config.server.environment.MultipleJGitEnvironmentProperties.

  • spring.cloud.config.server.git.password=
  • Password for authentication with remote repository.

    org.springframework.cloud.config.server.environment.MultipleJGitEnvironmentProperties.

  • spring.cloud.config.server.git.preferred-authentications=
  • Override server authentication method order. This should allow for evading login prompts if server has keyboard-interactive authentication before the publickey method.

    org.springframework.cloud.config.server.environment.MultipleJGitEnvironmentProperties.

  • spring.cloud.config.server.git.private-key=
  • Valid SSH private key. Must be set if ignoreLocalSshSettings is true and Git URI is SSH format.

    org.springframework.cloud.config.server.environment.MultipleJGitEnvironmentProperties.

  • spring.cloud.config.server.git.proxy=
  • HTTP proxy configuration.

    org.springframework.cloud.config.server.environment.MultipleJGitEnvironmentProperties.

  • spring.cloud.config.server.git.refresh-rate=0
  • Time (in seconds) between refresh of the git repository.

    org.springframework.cloud.config.server.environment.MultipleJGitEnvironmentProperties.

  • spring.cloud.config.server.git.repos=
  • Map of repository identifier to location and other properties.

    org.springframework.cloud.config.server.environment.MultipleJGitEnvironmentProperties.

  • spring.cloud.config.server.git.search-paths=
  • Search paths to use within local working copy. By default searches only the root.

    org.springframework.cloud.config.server.environment.MultipleJGitEnvironmentProperties.

  • spring.cloud.config.server.git.skip-ssl-validation=false
  • Flag to indicate that SSL certificate validation should be bypassed when communicating with a repository served over an HTTPS connection.

    org.springframework.cloud.config.server.environment.MultipleJGitEnvironmentProperties.

  • spring.cloud.config.server.git.strict-host-key-checking=true
  • If false, ignore errors with host key.

    org.springframework.cloud.config.server.environment.MultipleJGitEnvironmentProperties.

  • spring.cloud.config.server.git.timeout=5
  • Timeout (in seconds) for obtaining HTTP or SSH connection (if applicable), defaults to 5 seconds.

    org.springframework.cloud.config.server.environment.MultipleJGitEnvironmentProperties.

  • spring.cloud.config.server.git.uri=
  • URI of remote repository.

    org.springframework.cloud.config.server.environment.MultipleJGitEnvironmentProperties.

  • spring.cloud.config.server.git.username=
  • Username for authentication with remote repository.

    org.springframework.cloud.config.server.environment.MultipleJGitEnvironmentProperties.

  • spring.profiles.active=
  • Comma-separated list of active profiles. Can be overridden by a command line switch.

    org.springframework.boot.context.config.ConfigFileApplicationListener.

    The above configuration also applies to online Git-based repositories such as GitHub, Bitbucket, etc.
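
An added example, not part of the CAS or Spring Cloud documentation: a Python audit of a configuration server's bootstrap.properties that applies the Naming Convention note and the constraints stated in the Git property descriptions above. The sample files, the finding names, the `${GIT_...}` environment placeholders and the SSH URI heuristic are assumptions made for illustration.

```python
import re

GIT = "spring.cloud.config.server.git."
# Values the page lists for host-key-algorithm.
HOST_KEY_ALGORITHMS = {"ssh-dss", "ssh-rsa", "ecdsa-sha2-nistp256",
                       "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}
SECRET_SETTINGS = ("password", "passphrase", "private-key")

# Constructed input: relaxed key names and weakened transport checks.
SAMPLE = """\
# bootstrap.properties of the configuration server (constructed sample)
spring.cloud.config.server.git.uri=git@git.example.org:cas/config.git
spring.cloud.config.server.git.ignoreLocalSshSettings=true
spring.cloud.config.server.git.strict-host-key-checking=false
spring.cloud.config.server.git.host-key=PLACEHOLDER-HOST-KEY
spring.cloud.config.server.git.skip_ssl_validation=true
spring.cloud.config.server.git.passphrase=PLACEHOLDER-PASSPHRASE
"""

# Constructed input: same repository, kebab-case keys, host key pinned,
# secrets injected from hypothetical environment variables.
HARDENED = """\
spring.cloud.config.server.git.uri=git@git.example.org:cas/config.git
spring.cloud.config.server.git.ignore-local-ssh-settings=true
spring.cloud.config.server.git.strict-host-key-checking=true
spring.cloud.config.server.git.host-key=PLACEHOLDER-HOST-KEY
spring.cloud.config.server.git.host-key-algorithm=ecdsa-sha2-nistp256
spring.cloud.config.server.git.private-key=${GIT_PRIVATE_KEY}
spring.cloud.config.server.git.passphrase=${GIT_KEY_PASSPHRASE}
"""


def to_kebab(key):
    """Return the lower-case kebab form of a relaxed property name."""
    key = re.sub(r"(?<=[a-z0-9])([A-Z])", r"-\1", key)
    return key.replace("_", "-").lower()


def parse_properties(text):
    """Map kebab-case key -> (key as written, value). No line continuations."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        match = re.match(r"([^=:\s]+)\s*[=:]\s*(.*)", line)
        if match:
            written, value = match.group(1), match.group(2).strip()
            props[to_kebab(written)] = (written, value)
    return props


def audit(text):
    """Return a sorted list of (kebab-case key, finding) pairs."""
    props = parse_properties(text)
    findings = []

    def value(name):
        return props.get(GIT + name, ("", ""))[1]

    # Naming Convention: keys should be stored in lower-case kebab format.
    for canonical, (written, _) in props.items():
        if written != canonical:
            findings.append((canonical, "not-kebab-case"))
    # Transport checks that the property descriptions say can be turned off.
    if value("skip-ssl-validation").lower() == "true":
        findings.append((GIT + "skip-ssl-validation", "tls-validation-bypassed"))
    if value("strict-host-key-checking").lower() == "false":
        findings.append((GIT + "strict-host-key-checking", "host-key-errors-ignored"))
    # host-key and host-key-algorithm must be set together.
    host_key, algorithm = value("host-key"), value("host-key-algorithm")
    if bool(host_key) != bool(algorithm):
        findings.append((GIT + "host-key", "host-key-and-algorithm-must-be-set-together"))
    if algorithm and algorithm not in HOST_KEY_ALGORITHMS:
        findings.append((GIT + "host-key-algorithm", "unknown-host-key-algorithm"))
    # private-key is required for property-based SSH config with an SSH URI.
    # Assumption: "SSH format" means ssh:// or the scp-like user@host:path form.
    uri = value("uri")
    ssh_uri = uri.startswith("ssh://") or re.match(r"[^/@\s]+@[^/:\s]+:", uri)
    if value("ignore-local-ssh-settings").lower() == "true" and ssh_uri \
            and not value("private-key"):
        findings.append((GIT + "private-key", "required-for-property-based-ssh"))
    # Literal secrets in the file; {cipher} values and ${...} placeholders pass.
    for name in SECRET_SETTINGS:
        secret = value(name)
        if secret and not secret.startswith(("{cipher}", "${")):
            findings.append((GIT + name, "plaintext-secret"))
    return sorted(findings)


if __name__ == "__main__":
    for label, text in (("SAMPLE", SAMPLE), ("HARDENED", HARDENED)):
        print(label)
        for key, finding in audit(text) or [("-", "no findings")]:
            print(f"  {finding}: {key}")
```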

    Consul

    Allow the CAS Spring Cloud configuration server to load settings from HashiCorp’s Consul.

    The following settings and properties are available from the CAS configuration catalog:

    The configuration settings listed below are tagged as Third Party in the CAS configuration metadata. This flag indicates that the configuration setting is not controlled, owned or managed by the CAS ecosystem, and affects functionality that is offered by a third-party library, such as Spring Boot or Spring Cloud to CAS. For additional info, you might have to visit the third-party source to find more details.

  • spring.cloud.consul.config.acl-token=
  • org.springframework.cloud.consul.config.ConsulConfigProperties.

  • spring.cloud.consul.config.data-key=data
  • If format is Format.PROPERTIES or Format.YAML then the following field is used as key to look up consul for configuration.

    org.springframework.cloud.consul.config.ConsulConfigProperties.

  • spring.cloud.consul.config.default-context=application
  • org.springframework.cloud.consul.config.ConsulConfigProperties.

  • spring.cloud.consul.config.enabled=true
  • org.springframework.cloud.consul.config.ConsulConfigProperties.

  • spring.cloud.consul.config.fail-fast=true
  • Throw exceptions during config lookup if true, otherwise, log warnings.

    org.springframework.cloud.consul.config.ConsulConfigProperties.

  • spring.cloud.consul.config.format=
  • org.springframework.cloud.consul.config.ConsulConfigProperties.

  • spring.cloud.consul.config.name=
  • Alternative to spring.application.name to use in looking up values in consul KV.

    org.springframework.cloud.consul.config.ConsulConfigProperties.

  • spring.cloud.consul.config.prefix=
  • org.springframework.cloud.consul.config.ConsulConfigProperties.

    Deprecation status is WARNING with a replacement setting: spring.cloud.consul.config.prefixes.

  • spring.cloud.consul.config.prefixes=
  • org.springframework.cloud.consul.config.ConsulConfigProperties.

  • spring.cloud.consul.config.profile-separator=,
  • org.springframework.cloud.consul.config.ConsulConfigProperties.

  • spring.cloud.consul.config.watch.delay=1000
  • The value of the fixed delay for the watch in millis. Defaults to 1000.

    org.springframework.cloud.consul.config.ConsulConfigProperties$Watch.

  • spring.cloud.consul.config.watch.enabled=true
  • If the watch is enabled. Defaults to true.

    org.springframework.cloud.consul.config.ConsulConfigProperties$Watch.

  • spring.cloud.consul.config.watch.wait-time=55
  • The number of seconds to wait (or block) for watch query, defaults to 55. Needs to be less than default ConsulClient (defaults to 60). To increase ConsulClient timeout create a ConsulClient bean with a custom ConsulRawClient with a custom HttpClient.

    org.springframework.cloud.consul.config.ConsulConfigProperties$Watch.

    Vault

    Allow the CAS Spring Cloud configuration server to load settings from HashiCorp’s Vault.

    The following settings and properties are available from the CAS configuration catalog:

    The configuration settings listed below are tagged as Third Party in the CAS configuration metadata. This flag indicates that the configuration setting is not controlled, owned or managed by the CAS ecosystem, and affects functionality that is offered by a third-party library, such as Spring Boot or Spring Cloud to CAS. For additional info, you might have to visit the third-party source to find more details.

  • spring.cloud.vault.app-id.app-id-path=app-id
  • Mount path of the AppId authentication backend.

    org.springframework.cloud.vault.config.VaultProperties$AppIdProperties.

  • spring.cloud.vault.app-id.network-interface=
  • Network interface hint for the "MAC_ADDRESS" UserId mechanism.

    org.springframework.cloud.vault.config.VaultProperties$AppIdProperties.

  • spring.cloud.vault.app-id.user-id=MAC_ADDRESS
  • UserId mechanism. Can be either "MAC_ADDRESS", "IP_ADDRESS", a string or a class name.

    org.springframework.cloud.vault.config.VaultProperties$AppIdProperties.

  • spring.cloud.vault.app-role.app-role-path=approle
  • Mount path of the AppRole authentication backend.

    org.springframework.cloud.vault.config.VaultProperties$AppRoleProperties.

  • spring.cloud.vault.app-role.role=
  • Name of the role, optional, used for pull-mode.

    org.springframework.cloud.vault.config.VaultProperties$AppRoleProperties.

  • spring.cloud.vault.app-role.role-id=
  • The RoleId.

    org.springframework.cloud.vault.config.VaultProperties$AppRoleProperties.

  • spring.cloud.vault.app-role.secret-id=
  • The SecretId.

    org.springframework.cloud.vault.config.VaultProperties$AppRoleProperties.

  • spring.cloud.vault.application-name=application
  • Application name for AppId authentication.

    org.springframework.cloud.vault.config.VaultProperties.

  • spring.cloud.vault.authentication=
  • org.springframework.cloud.vault.config.VaultProperties.

  • spring.cloud.vault.aws-ec2.aws-ec2-path=aws-ec2
  • Mount path of the AWS-EC2 authentication backend.

    org.springframework.cloud.vault.config.VaultProperties$AwsEc2Properties.

  • spring.cloud.vault.aws-ec2.identity-document=http://169.254.169.254/latest/dynamic/instance-identity/pkcs7
  • URL of the AWS-EC2 PKCS7 identity document.

    org.springframework.cloud.vault.config.VaultProperties$AwsEc2Properties.

  • spring.cloud.vault.aws-ec2.nonce=
  • Nonce used for AWS-EC2 authentication. An empty nonce defaults to nonce generation.

    org.springframework.cloud.vault.config.VaultProperties$AwsEc2Properties.

  • spring.cloud.vault.aws-ec2.role=
  • Name of the role, optional.

    org.springframework.cloud.vault.config.VaultProperties$AwsEc2Properties.

  • spring.cloud.vault.aws-iam.aws-path=aws
  • Mount path of the AWS authentication backend.

    org.springframework.cloud.vault.config.VaultProperties$AwsIamProperties.

  • spring.cloud.vault.aws-iam.endpoint-uri=
  • STS server URI. @since 2.2

    org.springframework.cloud.vault.config.VaultProperties$AwsIamProperties.

  • spring.cloud.vault.aws-iam.role=
  • Name of the role, optional. Defaults to the friendly IAM name if not set.

    org.springframework.cloud.vault.config.VaultProperties$AwsIamProperties.

  • spring.cloud.vault.aws-iam.server-name=
  • Name of the server used to set X-Vault-AWS-IAM-Server-ID header in the headers of login requests.

    org.springframework.cloud.vault.config.VaultProperties$AwsIamProperties.

  • spring.cloud.vault.azure-msi.azure-path=azure
  • Mount path of the Azure MSI authentication backend.

    org.springframework.cloud.vault.config.VaultProperties$AzureMsiProperties.

  • spring.cloud.vault.azure-msi.identity-token-service=
  • Identity token service URI. @since 3.0

    org.springframework.cloud.vault.config.VaultProperties$AzureMsiProperties.

  • spring.cloud.vault.azure-msi.metadata-service=
  • Instance metadata service URI. @since 3.0

    org.springframework.cloud.vault.config.VaultProperties$AzureMsiProperties.

  • spring.cloud.vault.azure-msi.role=
  • Name of the role.

    org.springframework.cloud.vault.config.VaultProperties$AzureMsiProperties.

  • spring.cloud.vault.config.lifecycle.enabled=true
  • Enable lifecycle management.

    org.springframework.cloud.vault.config.VaultProperties$ConfigLifecycle.

  • spring.cloud.vault.config.lifecycle.expiry-threshold=
  • The expiry threshold. Lease is renewed the given Duration before it expires. @since 2.2

    org.springframework.cloud.vault.config.VaultProperties$ConfigLifecycle.

  • spring.cloud.vault.config.lifecycle.lease-endpoints=
  • Set the LeaseEndpoints to delegate renewal/revocation calls to. LeaseEndpoints encapsulates differences between Vault versions that affect the location of renewal/revocation endpoints. Can be LeaseEndpoints#SysLeases for version 0.8 or above of Vault or LeaseEndpoints#Legacy for older versions (the default). @since 2.2

    org.springframework.cloud.vault.config.VaultProperties$ConfigLifecycle.

  • spring.cloud.vault.config.lifecycle.min-renewal=
  • The time period that is at least required before renewing a lease. @since 2.2

    org.springframework.cloud.vault.config.VaultProperties$ConfigLifecycle.

  • spring.cloud.vault.config.order=0
  • Used to set an org.springframework.core.env.PropertySource priority. This is useful to use Vault as an override on other property sources. @see org.springframework.core.PriorityOrdered

    org.springframework.cloud.vault.config.VaultProperties$Config.

    Deprecation status is WARNING without a replacement setting.

  • spring.cloud.vault.connection-timeout=5000
  • Connection timeout.

    org.springframework.cloud.vault.config.VaultProperties.

  • spring.cloud.vault.discovery.enabled=false
  • Flag to indicate that Vault server discovery is enabled (vault server URL will be looked up via discovery).

    org.springframework.cloud.vault.config.VaultProperties$Discovery.

  • spring.cloud.vault.discovery.service-id=vault
  • Service id to locate Vault.

    org.springframework.cloud.vault.config.VaultProperties$Discovery.

  • spring.cloud.vault.enabled=true
  • Enable Vault config server.

    org.springframework.cloud.vault.config.VaultProperties.

  • spring.cloud.vault.fail-fast=false
  • Fail fast if data cannot be obtained from Vault.

    org.springframework.cloud.vault.config.VaultProperties.

  • spring.cloud.vault.gcp-gce.gcp-path=gcp
  • Mount path of the Kubernetes authentication backend.

    org.springframework.cloud.vault.config.VaultProperties$GcpGceProperties.

  • spring.cloud.vault.gcp-gce.role=
  • Name of the role against which the login is being attempted.

    org.springframework.cloud.vault.config.VaultProperties$GcpGceProperties.

  • spring.cloud.vault.gcp-gce.service-account=
  • Optional service account id. Using the default id if left unconfigured.

    org.springframework.cloud.vault.config.VaultProperties$GcpGceProperties.

  • spring.cloud.vault.gcp-iam.credentials.encoded-key=
  • The base64 encoded contents of an OAuth2 account private key in JSON format.

    org.springframework.cloud.vault.config.VaultProperties$GcpCredentials.

  • spring.cloud.vault.gcp-iam.credentials.location=
  • Location of the OAuth2 credentials private key.

    Since this is a Resource, the private key can be in a multitude of locations, such as a local file system, classpath, URL, etc.

    org.springframework.cloud.vault.config.VaultProperties$GcpCredentials.

  • spring.cloud.vault.gcp-iam.gcp-path=gcp
  • Mount path of the Kubernetes authentication backend.

    org.springframework.cloud.vault.config.VaultProperties$GcpIamProperties.

  • spring.cloud.vault.gcp-iam.jwt-validity=15m
  • Validity of the JWT token.

    org.springframework.cloud.vault.config.VaultProperties$GcpIamProperties.

  • spring.cloud.vault.gcp-iam.project-id=
  • Overrides the GCP project Id.

    org.springframework.cloud.vault.config.VaultProperties$GcpIamProperties.

  • spring.cloud.vault.gcp-iam.role=
  • Name of the role against which the login is being attempted.

    org.springframework.cloud.vault.config.VaultProperties$GcpIamProperties.

  • spring.cloud.vault.gcp-iam.service-account-id=
  • Overrides the GCP service account Id.

    org.springframework.cloud.vault.config.VaultProperties$GcpIamProperties.

  • spring.cloud.vault.host=localhost
  • Vault server host.

    org.springframework.cloud.vault.config.VaultProperties.

  • spring.cloud.vault.kubernetes.kubernetes-path=kubernetes
  • Mount path of the Kubernetes authentication backend.

    org.springframework.cloud.vault.config.VaultProperties$KubernetesProperties.

  • spring.cloud.vault.kubernetes.role=
  • Name of the role against which the login is being attempted.

    org.springframework.cloud.vault.config.VaultProperties$KubernetesProperties.

  • spring.cloud.vault.kubernetes.service-account-token-file=/var/run/secrets/kubernetes.io/serviceaccount/token
  • Path to the service account token file.

    org.springframework.cloud.vault.config.VaultProperties$KubernetesProperties.

  • spring.cloud.vault.kv.application-name=application
  • Application name to be used for the context.

    org.springframework.cloud.vault.config.VaultKeyValueBackendProperties.

  • spring.cloud.vault.kv.backend=secret
  • Name of the default backend.

    org.springframework.cloud.vault.config.VaultKeyValueBackendProperties.

  • spring.cloud.vault.kv.backend-version=2
  • Key-Value backend version. Currently supported versions are:

    • Version 1 (unversioned key-value backend).
    • Version 2 (versioned key-value backend).

    org.springframework.cloud.vault.config.VaultKeyValueBackendProperties.

    Deprecation status is WARNING without a replacement setting.

  • spring.cloud.vault.kv.default-context=application
  • Name of the default context.

    org.springframework.cloud.vault.config.VaultKeyValueBackendProperties.

  • spring.cloud.vault.kv.enabled=true
  • Enable the key-value backend.

    org.springframework.cloud.vault.config.VaultKeyValueBackendProperties.

  • spring.cloud.vault.kv.profile-separator=/
  • Profile-separator to combine application name and profile.

    org.springframework.cloud.vault.config.VaultKeyValueBackendProperties.

  • spring.cloud.vault.kv.profiles=
  • List of active profiles. @since 3.0

    org.springframework.cloud.vault.config.VaultKeyValueBackendProperties.

  • spring.cloud.vault.namespace=
  • Vault namespace (requires Vault Enterprise).

    org.springframework.cloud.vault.config.VaultProperties.

  • spring.cloud.vault.pcf.instance-certificate=
  • Path to the instance certificate (PEM). Defaults to CF_INSTANCE_CERT env variable.

    org.springframework.cloud.vault.config.VaultProperties$PcfProperties.

  • spring.cloud.vault.pcf.instance-key=
  • Path to the instance key (PEM). Defaults to CF_INSTANCE_KEY env variable.

    org.springframework.cloud.vault.config.VaultProperties$PcfProperties.

  • spring.cloud.vault.pcf.pcf-path=pcf
  • Mount path of the Kubernetes authentication backend.

    org.springframework.cloud.vault.config.VaultProperties$PcfProperties.

  • spring.cloud.vault.pcf.role=
  • Name of the role against which the login is being attempted.

    org.springframework.cloud.vault.config.VaultProperties$PcfProperties.

  • spring.cloud.vault.port=8200
  • Vault server port.

    org.springframework.cloud.vault.config.VaultProperties.

  • spring.cloud.vault.read-timeout=15000
  • Read timeout.

    org.springframework.cloud.vault.config.VaultProperties.

  • spring.cloud.vault.scheme=https
  • Protocol scheme. Can be either "http" or "https".

    org.springframework.cloud.vault.config.VaultProperties.

  • spring.cloud.vault.session.lifecycle.enabled=true
  • Enable session lifecycle management.

    org.springframework.cloud.vault.config.VaultProperties$SessionLifecycle.

  • spring.cloud.vault.session.lifecycle.expiry-threshold=7s
  • The expiry threshold for a LoginToken. The threshold represents a minimum TTL duration to consider a login token as valid. Tokens with a shorter TTL are considered expired and are not used anymore. Should be greater than refreshBeforeExpiry to prevent token expiry.

    org.springframework.cloud.vault.config.VaultProperties$SessionLifecycle.

  • spring.cloud.vault.session.lifecycle.refresh-before-expiry=5s
  • The time period that is at least required before renewing the LoginToken.

    org.springframework.cloud.vault.config.VaultProperties$SessionLifecycle.

  • spring.cloud.vault.ssl.cert-auth-path=cert
  • Mount path of the TLS cert authentication backend.

    org.springframework.cloud.vault.config.VaultProperties$Ssl.

  • spring.cloud.vault.ssl.enabled-cipher-suites=
  • List of enabled SSL/TLS cipher suites. @since 3.0.2

    org.springframework.cloud.vault.config.VaultProperties$Ssl.

  • spring.cloud.vault.ssl.enabled-protocols=
  • List of enabled SSL/TLS protocols. @since 3.0.2

    org.springframework.cloud.vault.config.VaultProperties$Ssl.

  • spring.cloud.vault.ssl.key-store=
  • Trust store that holds certificates and private keys.

    org.springframework.cloud.vault.config.VaultProperties$Ssl.

  • spring.cloud.vault.ssl.key-store-password=
  • Password used to access the key store.

    org.springframework.cloud.vault.config.VaultProperties$Ssl.

  • spring.cloud.vault.ssl.key-store-type=
  • Type of the key store. @since 3.0

    org.springframework.cloud.vault.config.VaultProperties$Ssl.

  • spring.cloud.vault.ssl.trust-store=
  • Trust store that holds SSL certificates.

    org.springframework.cloud.vault.config.VaultProperties$Ssl.

  • spring.cloud.vault.ssl.trust-store-password=
  • Password used to access the trust store.

    org.springframework.cloud.vault.config.VaultProperties$Ssl.

  • spring.cloud.vault.ssl.trust-store-type=
  • Type of the trust store. @since 3.0

    org.springframework.cloud.vault.config.VaultProperties$Ssl.

  • spring.cloud.vault.token=
  • Static vault token. Required if #authentication is TOKEN.

    org.springframework.cloud.vault.config.VaultProperties.

  • spring.cloud.vault.uri=
  • Vault URI. Can be set with scheme, host and port.

    org.springframework.cloud.vault.config.VaultProperties.


    Be Selective

    This section is meant as a guide only. Do NOT copy/paste the entire collection of settings into your CAS configuration; rather pick only the properties that you need. Do NOT enable settings unless you are certain of their purpose and do NOT copy settings into your configuration only to keep them as reference. All these ideas lead to upgrade headaches, maintenance nightmares and premature aging.

    YAGNI

    Note that for nearly ALL use cases, declaring and configuring properties listed here is sufficient. You should NOT have to explicitly massage a CAS XML/Java/etc configuration file to design an authentication handler, create attribute release policies, etc. CAS at runtime will auto-configure all required changes for you. If you are unsure about the meaning of a given CAS setting, do NOT turn it on without hesitation. Review the codebase or better yet, ask questions to clarify the intended behavior.

    Naming Convention

    Property names can be specified in very relaxed terms. For instance cas.someProperty, cas.some-property, cas.some_property are all valid names. While all forms are accepted by CAS, there are certain components (in CAS and other frameworks used) whose activation at runtime is conditional on a property value, where this property is required to have been specified in CAS configuration using kebab case. This is true both for properties that are owned by CAS and for those that might be presented to the system via an external library or framework such as Spring Boot, etc. When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value. Settings and properties that are controlled by the CAS platform directly always begin with the prefix cas. All other settings are controlled and provided to CAS via other underlying frameworks and may have their own schemas and syntax. BE CAREFUL with the distinction. Unrecognized properties are rejected by CAS and/or frameworks upon which CAS depends. This means if you somehow misspell a property definition or fail to adhere to the dot-notation syntax and such, your setting is entirely refused by CAS and likely the feature it controls will never be activated in the way you intend.


    Token Authentication

    Tokens are the core method for authentication within Vault. Token authentication requires a static token to be provided.

    The following settings and properties are available from the CAS configuration catalog:


  • spring.cloud.vault.authentication=
  • org.springframework.cloud.vault.config.VaultProperties.


    AppID Authentication

    Vault supports AppId authentication, which consists of two hard-to-guess tokens. The AppId defaults to spring.application.name, which is statically configured. The second token is the UserId, a part determined by the application and usually related to the runtime environment. Spring Cloud Vault Config supports IP address, MAC address and static UserIds (e.g. supplied via System properties). The IP and MAC address are represented as a hex-encoded SHA256 hash.

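    Using IP addresses:

    # -n omits the trailing newline; cut drops the "  -" column that sha256sum appends
    export IP_ADDRESS=`echo -n 192.168.99.1 | sha256sum | cut -d ' ' -f 1`

    Using MAC address:

    export MAC_ADDRESS=`echo -n ABCDEFGH | sha256sum | cut -d ' ' -f 1`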
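The UserId derivation described above, as an added example (not code from the CAS or Spring Cloud Vault projects): it computes the hex-encoded SHA256 value for an IP or MAC address and checks a candidate value for the two usual mistakes, a hashed trailing newline and the raw `sha256sum` output column. The function names, the sample MAC address and the rule that a MAC address is hashed uppercase without separators are assumptions.

```shell
#!/bin/sh
# Added example: derive and check Vault AppId UserId values (hex-encoded SHA-256).
# Function names and the sample MAC address are constructed for illustration.

# Hex SHA-256 of exactly the bytes in $1 (printf '%s' adds no trailing newline).
sha256_hex() {
    if command -v sha256sum >/dev/null 2>&1; then
        printf '%s' "$1" | sha256sum | cut -d ' ' -f 1
    else
        printf '%s' "$1" | shasum -a 256 | cut -d ' ' -f 1
    fi
}

# Assumption: the MAC address is hashed in uppercase with no ':' or '-' separators.
normalize_mac() {
    printf '%s' "$1" | tr -d ':-' | tr 'abcdef' 'ABCDEF'
}

user_id_for_ip()  { sha256_hex "$1"; }
user_id_for_mac() { sha256_hex "$(normalize_mac "$1")"; }

# True only for a bare digest: 64 lowercase hex characters, nothing else.
# Raw sha256sum output ("<digest>  -") fails this check.
is_sha256_hex() {
    case "$1" in
        ''|*[!0-9a-f]*) return 1 ;;
    esac
    [ "${#1}" -eq 64 ]
}

# check_user_id MECHANISM ADDRESS CANDIDATE
# Returns 0 if CANDIDATE is the UserId for ADDRESS, 1 on mismatch,
# 2 if CANDIDATE is not a bare digest, 3 for an unknown mechanism.
check_user_id() {
    mechanism=$1
    address=$2
    candidate=$3
    if ! is_sha256_hex "$candidate"; then
        echo "malformed UserId: expected 64 lowercase hex characters" >&2
        return 2
    fi
    case "$mechanism" in
        IP_ADDRESS)  expected=$(user_id_for_ip "$address") ;;
        MAC_ADDRESS) expected=$(user_id_for_mac "$address") ;;
        *) echo "unknown mechanism: $mechanism" >&2; return 3 ;;
    esac
    if [ "$candidate" = "$expected" ]; then
        return 0
    fi
    echo "UserId does not match $mechanism $address (trailing newline hashed?)" >&2
    return 1
}

# Demonstration: the IP address is the one used on this page, the MAC is constructed.
sample_ip=192.168.99.1
sample_mac=00:1a:2b:3c:4d:5e
echo "IP_ADDRESS  UserId: $(user_id_for_ip "$sample_ip")"
echo "MAC_ADDRESS UserId: $(user_id_for_mac "$sample_mac")"
```
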
    

    The following settings and properties are available from the CAS configuration catalog:


  • spring.cloud.vault.app-id.app-id-path=app-id
  • Mount path of the AppId authentication backend.

    org.springframework.cloud.vault.config.VaultProperties$AppIdProperties.

  • spring.cloud.vault.app-id.network-interface=
  • Network interface hint for the "MAC_ADDRESS" UserId mechanism.

    org.springframework.cloud.vault.config.VaultProperties$AppIdProperties.

  • spring.cloud.vault.app-id.user-id=MAC_ADDRESS
  • UserId mechanism. Can be either "MAC_ADDRESS", "IP_ADDRESS", a string or a class name.

    org.springframework.cloud.vault.config.VaultProperties$AppIdProperties.

  • spring.cloud.vault.authentication=
  • org.springframework.cloud.vault.config.VaultProperties.


    Kubernetes Authentication

    The Kubernetes authentication mechanism allows authentication with Vault using a Kubernetes Service Account Token. The authentication is role-based, and the role is bound to a service account name and a namespace.

    The following settings and properties are available from the CAS configuration catalog:


  • spring.cloud.vault.authentication=
  • org.springframework.cloud.vault.config.VaultProperties.

  • spring.cloud.vault.kubernetes.kubernetes-path=kubernetes
  • Mount path of the Kubernetes authentication backend.

    org.springframework.cloud.vault.config.VaultProperties$KubernetesProperties.

  • spring.cloud.vault.kubernetes.role=
  • Name of the role against which the login is being attempted.

    org.springframework.cloud.vault.config.VaultProperties$KubernetesProperties.

  • spring.cloud.vault.kubernetes.service-account-token-file=/var/run/secrets/kubernetes.io/serviceaccount/token
  • Path to the service account token file.

    org.springframework.cloud.vault.config.VaultProperties$KubernetesProperties.

    Configuration Metadata

    The collection of configuration properties listed in this section are automatically generated from the CAS source and components that contain the actual field definitions, types, descriptions, modules, etc. This metadata may not always be 100% accurate, or could be lacking details and sufficient explanations.

    Be Selective

    This section is meant as a guide only. Do NOT copy/paste the entire collection of settings into your CAS configuration; rather pick only the properties that you need. Do NOT enable settings unless you are certain of their purpose and do NOT copy settings into your configuration only to keep them as reference. All these ideas lead to upgrade headaches, maintenance nightmares and premature aging.

    YAGNI

    Note that for nearly ALL use cases, declaring and configuring properties listed here is sufficient. You should NOT have to explicitly massage a CAS XML/Java/etc configuration file to design an authentication handler, create attribute release policies, etc. CAS at runtime will auto-configure all required changes for you. If you are unsure about the meaning of a given CAS setting, do NOT turn it on without hesitation. Review the codebase or better yet, ask questions to clarify the intended behavior.

    Naming Convention

    Property names can be specified in very relaxed terms. For instance cas.someProperty, cas.some-property, cas.some_property are all valid names. While all forms are accepted by CAS, there are certain components (in CAS and other frameworks used) whose activation at runtime is conditional on a property value, where this property is required to have been specified in CAS configuration using kebab case. This is both true for properties that are owned by CAS as well as those that might be presented to the system via an external library or framework such as Spring Boot, etc. When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value.S ettings and properties that are controlled by the CAS platform directly always begin with the prefix cas. All other settings are controlled and provided to CAS via other underlying frameworks and may have their own schemas and syntax. BE CAREFUL with the distinction. Unrecognized properties are rejected by CAS and/or frameworks upon which CAS depends. This means if you somehow misspell a property definition or fail to adhere to the dot-notation syntax and such, your setting is entirely refused by CAS and likely the feature it controls will never be activated in the way you intend.

    Validation

    Configuration properties are automatically validated on CAS startup to report issues with configuration binding, especially if defined CAS settings cannot be recognized or validated by the configuration schema. The validation process is on by default and can be skipped on startup using a special system property SKIP_CONFIG_VALIDATION that should be set to true. Additional validation processes are also handled via Configuration Metadata and property migrations applied automatically on startup by Spring Boot and family.

    Indexed Settings

    CAS settings able to accept multiple values are typically documented with an index, such as cas.some.setting[0]=value. The index [0] is meant to be incremented by the adopter to allow for distinct multiple configuration blocks.
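
The naming and indexing conventions above can be checked before a configuration file reaches a CAS node. The following is an added example, not code from the CAS project or its documentation: a small Python linter that flags property names not written in lower-case kebab format and names that are only different relaxed spellings of one property. The sample file content, the function names and the separator-stripping comparison are assumptions made for this illustration.

```python
import re

# Constructed sample of a properties file (illustrative values only).
SAMPLE = """\
# constructed sample input
cas.standalone.configuration-directory=/etc/cas/config
cas.standalone.configurationFile=/etc/cas/config/cas.properties
cas.standalone.configuration_file=/etc/cas/other.properties
cas.some.setting[0]=first
cas.some.setting[1]=second
spring.cloud.vault.kv.backend-version=2
spring.cloud.zookeeper.connect_string=localhost:2181
"""


def to_kebab(key):
    """Return the lower-case kebab spelling of a dotted property name.

    Trailing indexes such as [0] are kept untouched on their segment.
    """
    parts = []
    for segment in key.strip().split("."):
        match = re.match(r"^(.*?)((?:\[\d+\])*)$", segment)
        name, index = match.group(1), match.group(2)
        # camelCase boundary -> hyphen, underscore -> hyphen, then lower-case.
        name = re.sub(r"(?<=[a-z0-9])(?=[A-Z])", "-", name)
        name = name.replace("_", "-").lower()
        parts.append(name + index)
    return ".".join(parts)


def parse_properties(text):
    """Yield (line_number, key) for simple key=value or key:value lines.

    Line continuations and whitespace-only separators are not handled.
    """
    for number, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped[0] in "#!":
            continue
        key = re.split(r"\s*[=:]\s*", stripped, maxsplit=1)[0]
        yield number, key


def lint(text):
    """Return findings as (line, kind, owner, key, detail) tuples.

    kind "not-kebab": detail is the suggested kebab spelling.
    kind "duplicate": detail is the earlier spelling of the same property.
    owner is "cas" for names starting with cas., otherwise "third-party".
    """
    findings = []
    seen = {}
    for number, key in parse_properties(text):
        owner = "cas" if key.startswith("cas.") else "third-party"
        kebab = to_kebab(key)
        if key != kebab:
            findings.append((number, "not-kebab", owner, key, kebab))
        # Assumption of this example: two names are the same property when
        # they match after dropping '-' and '_' and ignoring case.
        uniform = re.sub(r"[-_]", "", key).lower()
        if uniform in seen:
            findings.append((number, "duplicate", owner, key, seen[uniform]))
        else:
            seen[uniform] = key
    return findings


if __name__ == "__main__":
    for line, kind, owner, key, detail in lint(SAMPLE):
        print(f"line {line}: [{owner}] {kind}: {key} -> {detail}")
```

Run against a deployment's own properties file in a pre-commit hook or pipeline step, the duplicate finding is the one to treat as an error, since two spellings of one property with different values leave the effective setting unclear to a reviewer.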

    Generic Backend v1

    The following settings and properties are available from the CAS configuration catalog:

    The configuration settings listed below are tagged as Required in the CAS configuration metadata. This flag indicates that the presence of the setting may be needed to activate or affect the behavior of the CAS feature and generally should be reviewed, possibly owned and adjusted. If the setting is assigned a default value, you do not need to strictly put the setting in your copy of the configuration, but should review it nonetheless to make sure it matches your deployment expectations.

    The configuration settings listed below are tagged as Optional in the CAS configuration metadata. This flag indicates that the presence of the setting is not immediately necessary in the end-user CAS configuration, because a default value is assigned or the activation of the feature is not conditionally controlled by the setting value.

    The configuration settings listed below are tagged as Third Party in the CAS configuration metadata. This flag indicates that the configuration setting is not controlled, owned or managed by the CAS ecosystem, and affects functionality that is offered by a third-party library, such as Spring Boot or Spring Cloud to CAS. For additional info, you might have to visit the third-party source to find more details.

    KV Backend v2

    The following settings and properties are available from the CAS configuration catalog:

    The configuration settings listed below are tagged as Required in the CAS configuration metadata. This flag indicates that the presence of the setting may be needed to activate or affect the behavior of the CAS feature and generally should be reviewed, possibly owned and adjusted. If the setting is assigned a default value, you do not need to strictly put the setting in your copy of the configuration, but should review it nonetheless to make sure it matches your deployment expectations.

    The configuration settings listed below are tagged as Optional in the CAS configuration metadata. This flag indicates that the presence of the setting is not immediately necessary in the end-user CAS configuration, because a default value is assigned or the activation of the feature is not conditionally controlled by the setting value.

    The configuration settings listed below are tagged as Third Party in the CAS configuration metadata. This flag indicates that the configuration setting is not controlled, owned or managed by the CAS ecosystem, and affects functionality that is offered by a third-party library, such as Spring Boot or Spring Cloud to CAS. For additional info, you might have to visit the third-party source to find more details.

  • spring.cloud.vault.kv.application-name=application
  • Application name to be used for the context.

    org.springframework.cloud.vault.config.VaultKeyValueBackendProperties.

  • spring.cloud.vault.kv.backend=secret
  • Name of the default backend.

    org.springframework.cloud.vault.config.VaultKeyValueBackendProperties.

  • spring.cloud.vault.kv.backend-version=2
  • Key-Value backend version. Currently supported versions are:

    • Version 1 (unversioned key-value backend).
    • Version 2 (versioned key-value backend).

    org.springframework.cloud.vault.config.VaultKeyValueBackendProperties.

    Deprecation status is WARNING without a replacement setting.

  • spring.cloud.vault.kv.default-context=application
  • Name of the default context.

    org.springframework.cloud.vault.config.VaultKeyValueBackendProperties.

  • spring.cloud.vault.kv.enabled=true
  • Enable the key-value backend.

    org.springframework.cloud.vault.config.VaultKeyValueBackendProperties.

  • spring.cloud.vault.kv.profile-separator=/
  • Profile-separator to combine application name and profile.

    org.springframework.cloud.vault.config.VaultKeyValueBackendProperties.

  • spring.cloud.vault.kv.profiles=
  • List of active profiles. @since 3.0

    org.springframework.cloud.vault.config.VaultKeyValueBackendProperties.

    MongoDb

    Allow the CAS Spring Cloud configuration server to load settings from a MongoDb instance.

    The following settings and properties are available from the CAS configuration catalog:

    The configuration settings listed below are tagged as Required in the CAS configuration metadata. This flag indicates that the presence of the setting may be needed to activate or affect the behavior of the CAS feature and generally should be reviewed, possibly owned and adjusted. If the setting is assigned a default value, you do not need to strictly put the setting in your copy of the configuration, but should review it nonetheless to make sure it matches your deployment expectations.

  • cas.spring.cloud.mongo.uri=
  • Mongodb URI.

    org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties.MongoDb.

    The configuration settings listed below are tagged as Optional in the CAS configuration metadata. This flag indicates that the presence of the setting is not immediately necessary in the end-user CAS configuration, because a default value is assigned or the activation of the feature is not conditionally controlled by the setting value.

    Azure KeyVault Secrets

    Allow the CAS Spring Cloud configuration server to load settings from Microsoft Azure’s KeyVault instance.

    The following settings and properties are available from the CAS configuration catalog:

    The configuration settings listed below are tagged as Required in the CAS configuration metadata. This flag indicates that the presence of the setting may be needed to activate or affect the behavior of the CAS feature and generally should be reviewed, possibly owned and adjusted. If the setting is assigned a default value, you do not need to strictly put the setting in your copy of the configuration, but should review it nonetheless to make sure it matches your deployment expectations.

    The configuration settings listed below are tagged as Optional in the CAS configuration metadata. This flag indicates that the presence of the setting is not immediately necessary in the end-user CAS configuration, because a default value is assigned or the activation of the feature is not conditionally controlled by the setting value.

    The configuration settings listed below are tagged as Third Party in the CAS configuration metadata. This flag indicates that the configuration setting is not controlled, owned or managed by the CAS ecosystem, and affects functionality that is offered by a third-party library, such as Spring Boot or Spring Cloud to CAS. For additional info, you might have to visit the third-party source to find more details.

  • azure.keyvault.allow-telemetry=
  • com.microsoft.azure.keyvault.spring.KeyVaultProperties.

  • azure.keyvault.case-sensitive-keys=
  • Defines the constant for the property that enables/disables case sensitive keys.

    com.microsoft.azure.keyvault.spring.KeyVaultProperties.

  • azure.keyvault.certificate-password=
  • com.microsoft.azure.keyvault.spring.KeyVaultProperties.

  • azure.keyvault.certificate-path=
  • com.microsoft.azure.keyvault.spring.KeyVaultProperties.

  • azure.keyvault.client-id=
  • com.microsoft.azure.keyvault.spring.KeyVaultProperties.

  • azure.keyvault.client-key=
  • com.microsoft.azure.keyvault.spring.KeyVaultProperties.

  • azure.keyvault.enabled=
  • com.microsoft.azure.keyvault.spring.KeyVaultProperties.

  • azure.keyvault.order=
  • The constant used to define the order of the key vaults you are delivering (comma delimited, e.g. 'my-vault, my-vault-2').

    com.microsoft.azure.keyvault.spring.KeyVaultProperties.

  • azure.keyvault.refresh-interval=
  • com.microsoft.azure.keyvault.spring.KeyVaultProperties.

  • azure.keyvault.secret-keys=
  • com.microsoft.azure.keyvault.spring.KeyVaultProperties.

  • azure.keyvault.tenant-id=
  • com.microsoft.azure.keyvault.spring.KeyVaultProperties.

  • azure.keyvault.uri=
  • com.microsoft.azure.keyvault.spring.KeyVaultProperties.

    ZooKeeper

    Allow the CAS Spring Cloud configuration server to load settings from an Apache ZooKeeper instance.

    The following settings and properties are available from the CAS configuration catalog:

    The configuration settings listed below are tagged as Required in the CAS configuration metadata. This flag indicates that the presence of the setting may be needed to activate or affect the behavior of the CAS feature and generally should be reviewed, possibly owned and adjusted. If the setting is assigned a default value, you do not need to strictly put the setting in your copy of the configuration, but should review it nonetheless to make sure it matches your deployment expectations.

    The configuration settings listed below are tagged as Optional in the CAS configuration metadata. This flag indicates that the presence of the setting is not immediately necessary in the end-user CAS configuration, because a default value is assigned or the activation of the feature is not conditionally controlled by the setting value.

    The configuration settings listed below are tagged as Third Party in the CAS configuration metadata. This flag indicates that the configuration setting is not controlled, owned or managed by the CAS ecosystem, and affects functionality that is offered by a third-party library, such as Spring Boot or Spring Cloud to CAS. For additional info, you might have to visit the third-party source to find more details.

  • spring.cloud.zookeeper.base-sleep-time-ms=50
  • Initial amount of time to wait between retries.

    org.springframework.cloud.zookeeper.ZookeeperProperties.

  • spring.cloud.zookeeper.block-until-connected-unit=
  • The unit of time related to blocking on connection to Zookeeper.

    org.springframework.cloud.zookeeper.ZookeeperProperties.

  • spring.cloud.zookeeper.block-until-connected-wait=10
  • Wait time to block on connection to Zookeeper.

    org.springframework.cloud.zookeeper.ZookeeperProperties.

  • spring.cloud.zookeeper.config.default-context=application
  • The name of the default context.

    org.springframework.cloud.zookeeper.config.ZookeeperConfigProperties.

  • spring.cloud.zookeeper.config.enabled=true
  • org.springframework.cloud.zookeeper.config.ZookeeperConfigProperties.

  • spring.cloud.zookeeper.config.fail-fast=true
  • Throw exceptions during config lookup if true, otherwise, log warnings.

    org.springframework.cloud.zookeeper.config.ZookeeperConfigProperties.

  • spring.cloud.zookeeper.config.name=
  • Alternative to spring.application.name to use in looking up values in zookeeper.

    org.springframework.cloud.zookeeper.config.ZookeeperConfigProperties.

  • spring.cloud.zookeeper.config.profile-separator=,
  • Separator for profile appended to the application name.

    org.springframework.cloud.zookeeper.config.ZookeeperConfigProperties.

  • spring.cloud.zookeeper.config.root=config
  • Root folder where the configuration for Zookeeper is kept.

    org.springframework.cloud.zookeeper.config.ZookeeperConfigProperties.

  • spring.cloud.zookeeper.connect-string=localhost:2181
  • Connection string to the Zookeeper cluster.

    org.springframework.cloud.zookeeper.ZookeeperProperties.

  • spring.cloud.zookeeper.connection-timeout=
  • The configured connection timeout in milliseconds.

    org.springframework.cloud.zookeeper.ZookeeperProperties.

  • spring.cloud.zookeeper.enabled=true
  • Is Zookeeper enabled.

    org.springframework.cloud.zookeeper.ZookeeperProperties.

  • spring.cloud.zookeeper.max-retries=10
  • Max number of times to retry.

    org.springframework.cloud.zookeeper.ZookeeperProperties.

  • spring.cloud.zookeeper.max-sleep-ms=500
  • Max time in ms to sleep on each retry.

    org.springframework.cloud.zookeeper.ZookeeperProperties.

  • spring.cloud.zookeeper.session-timeout=
  • The configured/negotiated session timeout in milliseconds. Please refer to Curator's Tech Note 14 to understand how Curator implements connection sessions.

    org.springframework.cloud.zookeeper.ZookeeperProperties.

    Amazon Secrets Manager

    The following settings and properties are available from the CAS configuration catalog:

    The configuration settings listed below are tagged as Required in the CAS configuration metadata. This flag indicates that the presence of the setting may be needed to activate or affect the behavior of the CAS feature and generally should be reviewed, possibly owned and adjusted. If the setting is assigned a default value, you do not need to strictly put the setting in your copy of the configuration, but should review it nonetheless to make sure it matches your deployment expectations.

  • cas.spring.cloud.aws.secrets-manager.credential-access-key=
  • Use access-key provided by AWS to authenticate.

    This setting supports the Spring Expression Language.

    org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties.AmazonSecretsManager.

  • cas.spring.cloud.aws.secrets-manager.credential-secret-key=
  • Use secret key provided by AWS to authenticate.

    This setting supports the Spring Expression Language.

    org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties.AmazonSecretsManager.

  • cas.spring.cloud.aws.secrets-manager.endpoint=
  • AWS custom endpoint.

    org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties.AmazonSecretsManager.

  • cas.spring.cloud.aws.secrets-manager.region=
  • AWS region used.

    org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties.AmazonSecretsManager.

    The configuration settings listed below are tagged as Optional in the CAS configuration metadata. This flag indicates that the presence of the setting is not immediately necessary in the end-user CAS configuration, because a default value is assigned or the activation of the feature is not conditionally controlled by the setting value.

  • cas.spring.cloud.aws.secrets-manager.client-execution-timeout=10000
  • Client execution timeout.

    This setting supports the java.time.Duration syntax.

    org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties.AmazonSecretsManager.

  • cas.spring.cloud.aws.secrets-manager.connection-timeout=5000
  • Connection timeout.

    This setting supports the java.time.Duration syntax.

    org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties.AmazonSecretsManager.

  • cas.spring.cloud.aws.secrets-manager.local-address=
  • Local address.

    org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties.AmazonSecretsManager.

  • cas.spring.cloud.aws.secrets-manager.max-connections=10
  • Maximum connections setting.

    org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties.AmazonSecretsManager.

  • cas.spring.cloud.aws.secrets-manager.profile-name=
  • Profile name to use.

    org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties.AmazonSecretsManager.

  • cas.spring.cloud.aws.secrets-manager.profile-path=
  • Profile path.

    org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties.AmazonSecretsManager.

  • cas.spring.cloud.aws.secrets-manager.proxy-host=
  • Optionally specifies the proxy host to connect through.

    org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties.AmazonSecretsManager.

  • cas.spring.cloud.aws.secrets-manager.proxy-password=
  • Optionally specifies the proxy password to connect through.

    org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties.AmazonSecretsManager.

  • cas.spring.cloud.aws.secrets-manager.proxy-username=
  • Optionally specifies the proxy username to connect through.

    org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties.AmazonSecretsManager.

  • cas.spring.cloud.aws.secrets-manager.retry-mode=STANDARD
  • Outline the requested retry mode. Accepted values are STANDARD, LEGACY.

    org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties.AmazonSecretsManager.

  • cas.spring.cloud.aws.secrets-manager.socket-timeout=5000
  • Socket timeout.

    This setting supports the java.time.Duration syntax.

    org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties.AmazonSecretsManager.

  • cas.spring.cloud.aws.secrets-manager.use-reaper=false
  • Flag that indicates whether to use reaper.

    org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties.AmazonSecretsManager.

    Configuration Metadata

    The collection of configuration properties listed in this section is automatically generated from the CAS source and components that contain the actual field definitions, types, descriptions, modules, etc. This metadata may not always be 100% accurate, or could be lacking details and sufficient explanations.

    Be Selective

    This section is meant as a guide only. Do NOT copy/paste the entire collection of settings into your CAS configuration; rather pick only the properties that you need. Do NOT enable settings unless you are certain of their purpose and do NOT copy settings into your configuration only to keep them as reference. All these ideas lead to upgrade headaches, maintenance nightmares and premature aging.

    YAGNI

    Note that for nearly ALL use cases, declaring and configuring properties listed here is sufficient. You should NOT have to explicitly massage a CAS XML/Java/etc configuration file to design an authentication handler, create attribute release policies, etc. CAS at runtime will auto-configure all required changes for you. If you are unsure about the meaning of a given CAS setting, do NOT turn it on without hesitation. Review the codebase or better yet, ask questions to clarify the intended behavior.

    Naming Convention

    Property names can be specified in very relaxed terms. For instance cas.someProperty, cas.some-property, cas.some_property are all valid names. While all forms are accepted by CAS, there are certain components (in CAS and other frameworks used) whose activation at runtime is conditional on a property value, where this property is required to have been specified in CAS configuration using kebab case. This is true both for properties that are owned by CAS and for those that might be presented to the system via an external library or framework such as Spring Boot, etc. When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value. Settings and properties that are controlled by the CAS platform directly always begin with the prefix cas. All other settings are controlled and provided to CAS via other underlying frameworks and may have their own schemas and syntax. BE CAREFUL with the distinction. Unrecognized properties are rejected by CAS and/or frameworks upon which CAS depends. This means if you somehow misspell a property definition or fail to adhere to the dot-notation syntax and such, your setting is entirely refused by CAS and likely the feature it controls will never be activated in the way you intend.

    Validation

    Configuration properties are automatically validated on CAS startup to report issues with configuration binding, especially if defined CAS settings cannot be recognized or validated by the configuration schema. The validation process is on by default and can be skipped on startup using a special system property SKIP_CONFIG_VALIDATION that should be set to true. Additional validation processes are also handled via Configuration Metadata and property migrations applied automatically on startup by Spring Boot and family.

    Indexed Settings

    CAS settings able to accept multiple values are typically documented with an index, such as cas.some.setting[0]=value. The index [0] is meant to be incremented by the adopter to allow for distinct multiple configuration blocks.
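    The naming and indexing rules above can be checked before deployment. The following is an added example, not code from CAS or its documentation: a small linter that flags property names not written in lower-case kebab form and names that collapse to the same kebab-case key. The function names, the finding labels and the sample file are assumptions made for illustration, and the camelCase/snake_case conversion is a simple heuristic rather than the binding algorithm used by CAS or Spring Boot.

```python
import re

# Constructed sample configuration for illustration; not taken from the CAS docs.
SAMPLE = """\
# constructed sample
cas.spring.cloud.aws.s3.bucketName=cas-settings
cas.spring.cloud.aws.s3.region=us-east-1
cas.spring.cloud.dynamo_db.local-instance=false
cas.some.setting[0]=value
cas.Some.Setting[1]=value
server.port=8443
cas.some-property=first
cas.someProperty=second
"""

_LINE = re.compile(r"^\s*([^=:\s#!][^=:\s]*)\s*[=:]\s*(.*)$")
_INDEX = re.compile(r"^(.*?)((?:\[\d+\])*)$")   # trailing [0], [1], ...
_CAMEL = re.compile(r"(?<=[a-z0-9])(?=[A-Z])")  # boundary inside camelCase


def parse_properties(text):
    """Yield (line_number, key, value) for each key=value line.

    Simplification: comments and blank lines are skipped; line
    continuations and escaped separators are not handled.
    """
    for number, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped[0] in "#!":
            continue
        match = _LINE.match(line)
        if match:
            yield number, match.group(1), match.group(2)


def to_kebab(key):
    """Return the lower-case kebab form of a dotted property name.

    Each dot-separated segment is converted on its own and any
    index suffix such as [0] is kept unchanged.
    """
    segments = []
    for segment in key.split("."):
        name, index = _INDEX.match(segment).groups()
        name = _CAMEL.sub("-", name.replace("_", "-")).lower()
        segments.append(name + index)
    return ".".join(segments)


def lint(text):
    """Return findings as (line, issue, key_as_written, kebab_form)."""
    findings = []
    first_seen = {}
    for number, key, _value in parse_properties(text):
        canonical = to_kebab(key)
        if key != canonical:
            findings.append((number, "not-kebab-case", key, canonical))
        if canonical in first_seen:
            # Two spellings of one setting: which value wins is not obvious.
            issue = "duplicate-of-line-%d" % first_seen[canonical]
            findings.append((number, issue, key, canonical))
        else:
            first_seen[canonical] = number
    return findings


if __name__ == "__main__":
    for line, issue, key, canonical in lint(SAMPLE):
        print("line %d: %s: %s -> %s" % (line, issue, key, canonical))
```

    Indexed entries such as cas.some.setting[0] and cas.some.setting[1] are treated as distinct keys, so only differently spelled copies of the same setting are reported as duplicates.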

    Amazon Parameter Store

    The following settings and properties are available from the CAS configuration catalog:

    The configuration settings listed below are tagged as Required in the CAS configuration metadata. This flag indicates that the presence of the setting may be needed to activate or affect the behavior of the CAS feature and generally should be reviewed, possibly owned and adjusted. If the setting is assigned a default value, you do not need to strictly put the setting in your copy of the configuration, but should review it nonetheless to make sure it matches your deployment expectations.

  • cas.spring.cloud.aws.ssm.credential-access-key=
  • Use access-key provided by AWS to authenticate.

    This setting supports the Spring Expression Language.

    org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties.AmazonSystemsManagerParameterStore.

  • cas.spring.cloud.aws.ssm.credential-secret-key=
  • Use secret key provided by AWS to authenticate.

    This setting supports the Spring Expression Language.

    org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties.AmazonSystemsManagerParameterStore.

  • cas.spring.cloud.aws.ssm.endpoint=
  • AWS custom endpoint.

    org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties.AmazonSystemsManagerParameterStore.

  • cas.spring.cloud.aws.ssm.region=
  • AWS region used.

    org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties.AmazonSystemsManagerParameterStore.

    The configuration settings listed below are tagged as Optional in the CAS configuration metadata. This flag indicates that the presence of the setting is not immediately necessary in the end-user CAS configuration, because a default value is assigned or the activation of the feature is not conditionally controlled by the setting value.

  • cas.spring.cloud.aws.ssm.client-execution-timeout=10000
  • Client execution timeout.

    This setting supports the java.time.Duration syntax.

    org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties.AmazonSystemsManagerParameterStore.

  • cas.spring.cloud.aws.ssm.connection-timeout=5000
  • Connection timeout.

    This setting supports the java.time.Duration syntax.

    org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties.AmazonSystemsManagerParameterStore.

  • cas.spring.cloud.aws.ssm.local-address=
  • Local address.

    org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties.AmazonSystemsManagerParameterStore.

  • cas.spring.cloud.aws.ssm.max-connections=10
  • Maximum connections setting.

    org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties.AmazonSystemsManagerParameterStore.

  • cas.spring.cloud.aws.ssm.profile-name=
  • Profile name to use.

    org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties.AmazonSystemsManagerParameterStore.

  • cas.spring.cloud.aws.ssm.profile-path=
  • Profile path.

    org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties.AmazonSystemsManagerParameterStore.

  • cas.spring.cloud.aws.ssm.proxy-host=
  • Optionally specifies the proxy host to connect through.

    org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties.AmazonSystemsManagerParameterStore.

  • cas.spring.cloud.aws.ssm.proxy-password=
  • Optionally specifies the proxy password to connect through.

    org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties.AmazonSystemsManagerParameterStore.

  • cas.spring.cloud.aws.ssm.proxy-username=
  • Optionally specifies the proxy username to connect through.

    org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties.AmazonSystemsManagerParameterStore.

  • cas.spring.cloud.aws.ssm.retry-mode=STANDARD
  • Outline the requested retry mode. Accepted values are STANDARD, LEGACY.

    org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties.AmazonSystemsManagerParameterStore.

  • cas.spring.cloud.aws.ssm.socket-timeout=5000
  • Socket timeout.

    This setting supports the java.time.Duration syntax.

    org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties.AmazonSystemsManagerParameterStore.

  • cas.spring.cloud.aws.ssm.use-reaper=false
  • Flag that indicates whether to use reaper.

    org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties.AmazonSystemsManagerParameterStore.

    Amazon S3

    The following settings and properties are available from the CAS configuration catalog:

    The configuration settings listed below are tagged as Required in the CAS configuration metadata. This flag indicates that the presence of the setting may be needed to activate or affect the behavior of the CAS feature and generally should be reviewed, possibly owned and adjusted. If the setting is assigned a default value, you do not need to strictly put the setting in your copy of the configuration, but should review it nonetheless to make sure it matches your deployment expectations.

  • cas.spring.cloud.aws.s3.credential-access-key=
  • Use access-key provided by AWS to authenticate.

    This setting supports the Spring Expression Language.

    org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties.AmazonS3.

  • cas.spring.cloud.aws.s3.credential-secret-key=
  • Use secret key provided by AWS to authenticate.

    This setting supports the Spring Expression Language.

    org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties.AmazonS3.

  • cas.spring.cloud.aws.s3.endpoint=
  • AWS custom endpoint.

    org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties.AmazonS3.

  • cas.spring.cloud.aws.s3.region=
  • AWS region used.

    org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties.AmazonS3.

    The configuration settings listed below are tagged as Optional in the CAS configuration metadata. This flag indicates that the presence of the setting is not immediately necessary in the end-user CAS configuration, because a default value is assigned or the activation of the feature is not conditionally controlled by the setting value.

  • cas.spring.cloud.aws.s3.bucket-name=
  • Bucket name that holds the settings.

    org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties.AmazonS3.

  • cas.spring.cloud.aws.s3.client-execution-timeout=10000
  • Client execution timeout.

    This setting supports the java.time.Duration syntax.

    org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties.AmazonS3.

  • cas.spring.cloud.aws.s3.connection-timeout=5000
  • Connection timeout.

    This setting supports the java.time.Duration syntax.

    org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties.AmazonS3.

  • cas.spring.cloud.aws.s3.local-address=
  • Local address.

    org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties.AmazonS3.

  • cas.spring.cloud.aws.s3.max-connections=10
  • Maximum connections setting.

    org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties.AmazonS3.

  • cas.spring.cloud.aws.s3.profile-name=
  • Profile name to use.

    org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties.AmazonS3.

  • cas.spring.cloud.aws.s3.profile-path=
  • Profile path.

    org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties.AmazonS3.

  • cas.spring.cloud.aws.s3.proxy-host=
  • Optionally specifies the proxy host to connect through.

    org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties.AmazonS3.

  • cas.spring.cloud.aws.s3.proxy-password=
  • Optionally specifies the proxy password to connect through.

    org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties.AmazonS3.

  • cas.spring.cloud.aws.s3.proxy-username=
  • Optionally specifies the proxy username to connect through.

    org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties.AmazonS3.

  • cas.spring.cloud.aws.s3.retry-mode=STANDARD
  • Outline the requested retry mode. Accepted values are STANDARD, LEGACY.

    org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties.AmazonS3.

  • cas.spring.cloud.aws.s3.socket-timeout=5000
  • Socket timeout.

    This setting supports the java.time.Duration syntax.

    org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties.AmazonS3.

  • cas.spring.cloud.aws.s3.use-reaper=false
  • Flag that indicates whether to use reaper.

    org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties.AmazonS3.

    DynamoDb

    The following settings and properties are available from the CAS configuration catalog:

    The configuration settings listed below are tagged as Required in the CAS configuration metadata. This flag indicates that the presence of the setting may be needed to activate or affect the behavior of the CAS feature and generally should be reviewed, possibly owned and adjusted. If the setting is assigned a default value, you do not need to strictly put the setting in your copy of the configuration, but should review it nonetheless to make sure it matches your deployment expectations.

  • cas.spring.cloud.dynamo-db.credential-access-key=
  • Use access-key provided by AWS to authenticate.

    This setting supports the Spring Expression Language.

    org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties.AmazonDynamoDb.

  • cas.spring.cloud.dynamo-db.credential-secret-key=
  • Use secret key provided by AWS to authenticate.

    This setting supports the Spring Expression Language.

    org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties.AmazonDynamoDb.

  • cas.spring.cloud.dynamo-db.endpoint=
  • AWS custom endpoint.

    org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties.AmazonDynamoDb.

  • cas.spring.cloud.dynamo-db.region=
  • AWS region used.

    org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties.AmazonDynamoDb.

    The configuration settings listed below are tagged as Optional in the CAS configuration metadata. This flag indicates that the presence of the setting is not immediately necessary in the end-user CAS configuration, because a default value is assigned or the activation of the feature is not conditionally controlled by the setting value.

  • cas.spring.cloud.dynamo-db.billing-mode=PROVISIONED
  • Billing mode specifies how you are charged for read and write throughput and how you manage capacity. Available values are as follows:

    • PROVISIONED: Provisioned mode means that you specify the number of reads and writes per second that you expect your application to use. Provisioned mode is a good option if any of the following are true:
      • You have predictable application traffic.
      • You run applications whose traffic is consistent or ramps gradually.
      • You can forecast capacity requirements to control costs.
      You can use auto scaling to automatically adjust capacity based on the specified utilization rate to ensure application performance while reducing costs.
    • PAY_PER_REQUEST: Pay-per-request or on-demand billing means that you're charged for only the read/write requests that you use. On-demand mode is a good option if any of the following are true:
      • You create new tables with unknown workloads.
      • You have unpredictable application traffic.
      • You prefer the ease of paying for only what you use.
      Tables using on-demand mode support all DynamoDB features (such as encryption at rest, point-in-time recovery, global tables, and so on) with the exception of auto scaling, which is not applicable with this mode.

    org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties.AmazonDynamoDb.

  • cas.spring.cloud.dynamo-db.client-execution-timeout=10000
  • Client execution timeout.

    This setting supports the java.time.Duration syntax.

    org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties.AmazonDynamoDb.

  • cas.spring.cloud.dynamo-db.connection-timeout=5000
  • Connection timeout.

    This setting supports the java.time.Duration syntax.

    org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties.AmazonDynamoDb.

  • cas.spring.cloud.dynamo-db.drop-tables-on-startup=false
  • Flag that indicates whether to drop tables on start up.

    org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties.AmazonDynamoDb.

  • cas.spring.cloud.dynamo-db.local-address=
  • Local address.

    org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties.AmazonDynamoDb.

  • cas.spring.cloud.dynamo-db.local-instance=false
  • Indicates that the database instance is local to the deployment and does not require or use any credentials or other configuration other than host and region. This is mostly used during development and testing.

    org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties.AmazonDynamoDb.

  • cas.spring.cloud.dynamo-db.max-connections=10
  • Maximum connections setting.

    org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties.AmazonDynamoDb.

  • cas.spring.cloud.dynamo-db.prevent-table-creation-on-startup=false
  • Flag that indicates whether to prevent CAS from creating tables.

    org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties.AmazonDynamoDb.

  • cas.spring.cloud.dynamo-db.profile-name=
  • Profile name to use.

    org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties.AmazonDynamoDb.

  • cas.spring.cloud.dynamo-db.profile-path=
  • Profile path.

    org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties.AmazonDynamoDb.

  • cas.spring.cloud.dynamo-db.proxy-host=
  • Optionally specifies the proxy host to connect through.

    org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties.AmazonDynamoDb.

  • cas.spring.cloud.dynamo-db.proxy-password=
  • Optionally specifies the proxy password to connect through.

    org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties.AmazonDynamoDb.

  • cas.spring.cloud.dynamo-db.proxy-username=
  • Optionally specifies the proxy username to connect through.

    org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties.AmazonDynamoDb.

  • cas.spring.cloud.dynamo-db.read-capacity=10
  • Read capacity.

    org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties.AmazonDynamoDb.

  • cas.spring.cloud.dynamo-db.retry-mode=STANDARD
  • Outline the requested retry mode. Accepted values are STANDARD, LEGACY.

    org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties.AmazonDynamoDb.

  • cas.spring.cloud.dynamo-db.socket-timeout=5000
  • Socket timeout.

    This setting supports the java.time.Duration syntax.

    org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties.AmazonDynamoDb.

  • cas.spring.cloud.dynamo-db.time-offset=0
  • Time offset.

    org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties.AmazonDynamoDb.

  • cas.spring.cloud.dynamo-db.use-reaper=false
  • Flag that indicates whether to use reaper.

    org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties.AmazonDynamoDb.

  • cas.spring.cloud.dynamo-db.write-capacity=10
  • Write capacity.

    org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties.AmazonDynamoDb.

    Configuration Metadata

    The collection of configuration properties listed in this section are automatically generated from the CAS source and components that contain the actual field definitions, types, descriptions, modules, etc. This metadata may not always be 100% accurate, or could be lacking details and sufficient explanations.

    Be Selective

    This section is meant as a guide only. Do NOT copy/paste the entire collection of settings into your CAS configuration; rather pick only the properties that you need. Do NOT enable settings unless you are certain of their purpose and do NOT copy settings into your configuration only to keep them as reference. All these ideas lead to upgrade headaches, maintenance nightmares and premature aging.

    YAGNI

    Note that for nearly ALL use cases, declaring and configuring properties listed here is sufficient. You should NOT have to explicitly massage a CAS XML/Java/etc configuration file to design an authentication handler, create attribute release policies, etc. CAS at runtime will auto-configure all required changes for you. If you are unsure about the meaning of a given CAS setting, do NOT turn it on without hesitation. Review the codebase or better yet, ask questions to clarify the intended behavior.

    Naming Convention

    Property names can be specified in very relaxed terms. For instance cas.someProperty, cas.some-property, cas.some_property are all valid names. While all forms are accepted by CAS, there are certain components (in CAS and other frameworks used) whose activation at runtime is conditional on a property value, where this property is required to have been specified in CAS configuration using kebab case. This is both true for properties that are owned by CAS as well as those that might be presented to the system via an external library or framework such as Spring Boot, etc. When possible, properties should be stored in lower-case kebab format, such as cas.property-name=value.S ettings and properties that are controlled by the CAS platform directly always begin with the prefix cas. All other settings are controlled and provided to CAS via other underlying frameworks and may have their own schemas and syntax. BE CAREFUL with the distinction. Unrecognized properties are rejected by CAS and/or frameworks upon which CAS depends. This means if you somehow misspell a property definition or fail to adhere to the dot-notation syntax and such, your setting is entirely refused by CAS and likely the feature it controls will never be activated in the way you intend.

    Validation

    Configuration properties are automatically validated on CAS startup to report issues with configuration binding, specially if defined CAS settings cannot be recognized or validated by the configuration schema. The validation process is on by default and can be skipped on startup using a special system property SKIP_CONFIG_VALIDATION that should be set to true. Additional validation processes are also handled via Configuration Metadata and property migrations applied automatically on startup by Spring Boot and family.

    Indexed Settings

    CAS settings able to accept multiple values are typically documented with an index, such as cas.some.setting[0]=value. The index [0] is meant to be incremented by the adopter to allow for distinct multiple configuration blocks.
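
A pre-deployment check for the Naming Convention and Indexed Settings notes above, added here as an example; it is not part of the CAS documentation or code base. It reports keys that are not written in lower-case kebab form and index sequences with gaps. The sample file, the `.name` child, the header name and the assumption that indexes run consecutively from `[0]` are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample: values, the header name and the .name child are made up.
SAMPLE = """\
cas.spring.cloud.jdbc.url=jdbc:postgresql://db.example.org/cas
cas.spring.cloud.jdbc.driverClass=org.postgresql.Driver
cas.jdbc.show_sql=false
cas.spring.cloud.rest.headers.X-Request-Source=cas
cas.some.setting[0].name=first
cas.some.setting[2].name=third
"""

# Map-typed settings on this page: what follows the name is adopter data, not a property name.
MAP_PROPS = {"cas.spring.cloud.rest.headers", "cas.jdbc.physical-table-names"}
CAMEL = re.compile(r"(?<=[a-z0-9])(?=[A-Z])")
INDEX = re.compile(r"\[(\d+)\]")

def to_kebab(key):
    """Return key with each dot-separated segment in lower-case kebab form."""
    segs, out = key.split("."), []
    for i, seg in enumerate(segs):
        name, bracket, rest = seg.partition("[")      # keep any [n] index as written
        out.append(CAMEL.sub("-", name).replace("_", "-").lower() + bracket + rest)
        if ".".join(out) in MAP_PROPS:                # stop before map keys
            return ".".join(out + segs[i + 1:])
    return ".".join(out)

def parse(text):
    """Yield (line_no, key) for simple key=value lines; blanks and #/! comments are skipped."""
    for no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            yield no, line.split("=", 1)[0].strip()

def lint(text):
    """Report keys that are not in kebab form and index sequences with gaps."""
    findings, seen = [], defaultdict(set)
    for no, key in parse(text):
        canon = to_kebab(key)
        if canon != key:
            findings.append(("not-kebab", no, key, canon))
        for m in INDEX.finditer(canon):
            seen[canon[:m.start()]].add(int(m.group(1)))
    for prefix, used in sorted(seen.items()):
        missing = sorted(set(range(max(used) + 1)) - used)
        if missing:                                   # assumption: blocks are numbered from [0] without gaps
            findings.append(("index-gap", None, prefix, missing))
    return findings
```
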

    JDBC

    Allow the CAS Spring Cloud configuration server to load settings from an RDBMS instance.

    The following settings and properties are available from the CAS configuration catalog:

    The configuration settings listed below are tagged as Required in the CAS configuration metadata. This flag indicates that the presence of the setting may be needed to activate or affect the behavior of the CAS feature and generally should be reviewed, possibly owned and adjusted. If the setting is assigned a default value, you do not need to strictly put the setting in your copy of the configuration, but should review it nonetheless to make sure it matches your deployment expectations.

    The configuration settings listed below are tagged as Optional in the CAS configuration metadata. This flag indicates that the presence of the setting is not immediately necessary in the end-user CAS configuration, because a default value is assigned or the activation of the feature is not conditionally controlled by the setting value.

  • cas.spring.cloud.jdbc.driver-class=
  • Driver class name.

    org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties.Jdbc.

  • cas.spring.cloud.jdbc.password=
  • Database password.

    org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties.Jdbc.

  • cas.spring.cloud.jdbc.sql=
  • SQL statement.

    org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties.Jdbc.

  • cas.spring.cloud.jdbc.url=
  • Database URL.

    org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties.Jdbc.

  • cas.spring.cloud.jdbc.user=
  • Database user.

    org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties.Jdbc.

    Control global properties that are relevant to Hibernate, when CAS attempts to employ and utilize database resources, connections and queries.

  • cas.jdbc.case-insensitive=false
  • When choosing physical table names, determine whether names should be considered case-insensitive.

  • cas.jdbc.gen-ddl=true
  • Whether to generate DDL after the EntityManagerFactory has been initialized creating/updating all relevant tables.

  • cas.jdbc.physical-table-names=
  • Indicate a physical table name to be used by the Hibernate naming strategy in case table names need to be customized for the specific type of database. The key here indicates the CAS-provided table name and the value is the translated physical name for the database. If a match is not found for the CAS-provided table name, then that name will be used by default.

  • cas.jdbc.show-sql=false
  • Whether SQL queries should be displayed in the console/logs.

    REST

    Allow the CAS Spring Cloud configuration server to load settings from a REST API.

    The following settings and properties are available from the CAS configuration catalog:

    The configuration settings listed below are tagged as Required in the CAS configuration metadata. This flag indicates that the presence of the setting may be needed to activate or affect the behavior of the CAS feature and generally should be reviewed, possibly owned and adjusted. If the setting is assigned a default value, you do not need to strictly put the setting in your copy of the configuration, but should review it nonetheless to make sure it matches your deployment expectations.

  • cas.spring.cloud.rest.url=
  • The endpoint URL to contact and retrieve attributes.

    org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties.Rest.

    The configuration settings listed below are tagged as Optional in the CAS configuration metadata. This flag indicates that the presence of the setting is not immediately necessary in the end-user CAS configuration, because a default value is assigned or the activation of the feature is not conditionally controlled by the setting value.

  • cas.spring.cloud.rest.basic-auth-password=
  • If the REST endpoint is protected via basic authentication, specify the password for authentication.

    org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties.Rest.

  • cas.spring.cloud.rest.basic-auth-username=
  • If the REST endpoint is protected via basic authentication, specify the username for authentication.

    org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties.Rest.

  • cas.spring.cloud.rest.headers=
  • Headers, defined as a Map, to include in the request when making the REST call. These overwrite any header that CAS is pre-defined to send and include in the request. Each key in the map should be the header name and each value should be the header value.

    org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties.Rest.

  • cas.spring.cloud.rest.method=GET
  • HTTP method to use when contacting the REST endpoint. Examples include GET, POST, etc.

    org.apereo.cas.configuration.model.core.config.cloud.SpringCloudConfigurationProperties.Rest.

    Configuration Security

    To learn more about how sensitive CAS settings can be secured, please review this guide.